The report (PDF) has dropped, and indeed it contains few surprises. It tells the now-familiar story of serious and organised criminals, foreign state-sponsored actors, and other “cyber adversaries”, all of whom are getting better at what they do.

“The cyber threat to Australian organisations is undeniable, unrelenting and continues to grow. If an organisation is connected to the internet, it is vulnerable. The incidents in the public eye are just the tip of the iceberg,” begins the report’s foreword.

“Cyber adversaries are aggressive and persistent in their efforts to compromise Australian networks and information. They are constantly improving their tradecraft in an attempt to defeat our network defences and exploit new technologies,” it says later.

“Australia is an innovative country with a globally important resources sector. We are a regional leader with global interests and important partnerships. This makes Australia a target-rich environment for cyber adversaries.”

All of which is true, of course, but all of which has been said so many times before.

I spoke about the report today with Will Goodings on 1395 FIVEaa Adelaide — with somewhat less disappointment in my voice.

So SIM card manufacturer Gemalto has responded to the claims that America’s NSA and Britain’s GCHQ had hacked their network in 2010 and 2011 and stolen SIM card encryption keys. I spoke about that response on ABC Radio’s AM this morning.

If nothing else, it seems unlikely that Gemalto could have conducted a thorough forensic investigation in just six days — although they may have just dug out a report they’d prepared earlier.

Here’s how AM introduced the story today:

Overnight the world’s largest SIM card manufacturer has responded to allegations it was hacked by American and British spies. Dutch company Gemalto confirmed it was the target of sophisticated hacks in 2010 and 2011, and most likely the US National Security Agency and their British counterparts were responsible. Last week, documents from Edward Snowden alleged spies stole encryption keys from Gemalto, giving them potential to monitor mobile communications. But Gemalto denies there was mass theft of encryption keys and says their products are secure.

Again, I won’t repeat the background, because it’s all in my first post on the subject. But I will say that this is the most detailed conversation about it so far, because presenter Will Goodings and I spoke for 13 minutes.

That said, there’s not much more information than we had yesterday. Gemalto isn’t due to hold its press conference until late this evening Australian time, so we’ll know more tomorrow.

The second radio spot I did on The Great SIM Heist — or perhaps I should say the claimed heist, or even the alleged heist — was for the Sydney talk radio station 2UE on Tuesday afternoon.

I won’t repeat all the background. See my previous post for that. But I will say that it’s always interesting to hear the different questions asked and concerns raised by different presenters. And of course my responses differ in content and style to match the style of the program and the radio station.

Here’s the full seven-minute chat with drive presenter Justin Smith. At the end, we seem to have invented a new regular segment. And at least this time I pronounced Gemalto correctly.

American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden…

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

The company in question is Gemalto. With headquarters in Amsterdam, and 28 “personalisation facilities” around the world that burn the encryption keys into SIM cards, it has nearly 30% of the market — making it an obvious target for spooks.

The story started to filter through to the mainstream media on Monday in the US, or Tuesday Australian time, and I’ve already done two radio spots on the topic — and doubtless there’ll be more to come.

The first spot was an interview for ABC Radio, and parts of it ended up in this report on The World Today.

[The three Australian mobile network operators] Telstra, Vodafone and Optus have all confirmed that Gemalto has supplied their SIM cards. Sarah Sedghi reports.

This was the week that the Australian media returned from holidays. What caught the eye, or ear, of Justin Smith on Sydney’s radio 2UE on Tuesday afternoon was the series of hacks and planned hacks for political purposes.

Comment on current affairs programs happens in the most random ways. Last Tuesday I did a quick comment on the newly-revealed Regin spyware from a park bench in Sydney — a quick break while dashing between Wynyard railway station and lunch.

Now at the time of doing this piece for ABC Radio’s The World Today, I’d read the report in The Intercept, and a couple of mainstream news stories that had bounced off that, but I hadn’t read either of the white papers from Symantec (PDF) or Kaspersky Lab (PDF).

For an initial comment on mainstream radio that was probably enough of an orientation, but with the benefit of hindsight a few days later, well, I might have put things slightly differently.

Last Wednesday I had the very great pleasure to moderate an event titled “Data Retention: the European Experience”, a public conversation with Privacy International’s legal director Carly Nyst. The audio from the event forms the latest Corrupted Nerds: Conversations podcast.

This is a live issue in Australia right now. Australia’s favourite Attorney-General, Senator George Brandis QC, has said, “This is very much the way in which western nations are going, it’s been the case in Europe under the European Data Retention directive for some little while now.” Except that’s not true.

What Brandis didn’t say was that the European Court of Justice has declared the blanket recording of telecommunications data to be a breach of human rights. It isn’t a proportionate response to the claimed threat, and there’s no evidence that it’ll actually even help.

Europe is now winding back data retention. Well, except for the UK.

In this hour-long conversation, Nyst and I discuss the legal and historical background to data retention; the risks of blurring law enforcement with foreign signals intelligence-gathering for national security; the revelations of Edward Snowden; and whether Australia really does have robust democratic institutions which can protect us from the risks of surveillance over-reach.

The event was organised by Electronic Frontiers Australia and the Australian Privacy Foundation.

I’m headed to Canberra this week to hear Eugene Kaspersky, chief executive officer and chairman of Kaspersky Lab, speak at the National Press Club on Thursday 7 November.

It’ll be an interesting event.

When I last spoke with Kaspersky in May — you can listen to that conversation now, because it became the first episode of the Corrupted Nerds: Conversations podcast — it was before Edward Snowden’s revelations began. Before “all of the cybers” changed from being something of interest only to a few specialist technology and national security writers into front page news around the world.

Actually, I’ll embed it here so you don’t even have to click through.

I suspect that the kinds of questions asked by the insular and largely Canberra-bound press gallery journalists will be as revealing of the state of play as the words of the Russian information security star himself — and he knows how to work the media.

Kaspersky is speaking at the NPC at lunchtime on Thursday, immediately after which I’ll be reporting on it for ZDNet Australia. But I’ll be in Canberra from early Wednesday afternoon through until Friday afternoon, so if you want or need to catch up, do let me know.

Disclosure: I am travelling to Canberra as the guest of Kaspersky Lab.

This evening I had a lovely conversation on ABC Local Radio in Sydney and around NSW on the takedown of the Silk Road internet marketplace and the Tor anonymity software that made the marketplace’s anonymity possible.

My week of Monday 27 July to Sunday 2 August 2015 represented a remarkable turnaround — perhaps the turnaround that I’d been detecting in the winds since June. And then there’s the bushfire. It’s all so complicated! Why? It was a full week with a properly-working computer — a week spent in a house with […]

NASA sends a boy band to Pluto. Prime Minister Crusader Rabbit makes sense of the Middle East, more or less. And we hear some presciently ironic words from Singapore. In this podcast, there’s talk of Singapore, censorship, wine, and taxes. Amongst other things. You can listen to the podcast below. But if you want all […]

The (relatively) new Australian Cyber Security Centre (ACSC) released its first-ever unclassified threat report yesterday, but as I wrote at ZDNet, I was disappointed. […]

I’ve finally launched the Pozible crowdfunding campaign to get myself a replacement computer, The 9pm Urgent Hardware Refresh. This chart shows the progress so far. There should be plenty of information on that Pozible page. But if you want the full back story, check out the original announcement, and the follow-up post. An episode of […]